Kaisa now offers SSO (Single Sign On) authentication to login to the Kaisa dashboard, as an alternative to username/password
authentication. This option is available to customers who meet the following requirements.
-
Your organisation uses an Identity Provider (IdP) to manage employee accounts and access. Eg, Google workspace, Okta, OneLogin.
-
You are able to add a new SAML app integration in your Identity Provider.
-
All employees/users needing access to one or more Kaisa master accounts use a single email domain.
-
All employees/users will use SSO instead of username/password authentication.
SAML assertions and attributes
In order to authenticate and to give the correct organisation level access, some attributes must be sent in the SAML assertion when a user authenticates. We require the following attributes and custom attributes to be added to the SAML assertion.
Attribute name |
Format |
Description |
Custom attribute |
---|---|---|---|
|
string |
The email address of the user |
No |
organisationTags |
string |
List of organisation tags (also referred to as advid or api tag) that define which organisations the user may access.
|
Yes |
If the organisationTags custom attribute is left empty, the user will gain access to all organisations that are managed with your IdP. If you are unsure about the advid values for your different organisations, you can ask our Support team for help.
Steps for setting up SSO for the Kaisa platform
If you would like your users to login to Kaisa using SSO, please contact our support team (support@kaisa.io) and follow the steps below.
-
Ask our support team to provide the variables needed for setting up a new SAML app integration in your IdP. They will provide you with an ACS URL and Entity ID which you will use in the next step.
-
Add the integration into your IdP.
-
Add your users to the new app with the correct attributes.
-
Once complete, send Kaisa the metadata url/document from the created integration and we will continue the setup process on our side.
If your organization has multiple IdPs, please get in touch with our support team(support@kaisa.io)
Once this is setup, you will be able to log in our Kaisa Dashboard using SSO. Any user in your organisation will be asked to enter their email address, and they will be redirected to the service provider of choice for authentication.
For example, if the provider is Okta, you would be redirected after your email is recognised:
Any questions don't hesitate to ask!
Comments
0 comments
Please sign in to leave a comment.